Many small Canadian firms allocate nothing in operating budgets for cybersecurity: Survey

Many Canadian small businesses say they don’t allocate any portion of their annual operating budget to cyber security, according to an Insurance Bureau of Canada online survey this summer.

Asked what percentage of their firm’s annual operating budget is spent on cybersecurity, almost half (47 per cent) of respondents said they spent nothing. That’s worse than in 2019, the last time a similar survey was done, when one-third of respondents said their operating budget had nothing allocated to cybersecurity,

An operating budget would include money for IT staff salaries and fixed costs, like regular licencing or subscription payments to software vendors, insurance, training costs, as well as data breach costs such as fines and lawyers. In addition, small IT departments are unlikely to have a dedicated cybersecurity staff: all members of IT are expected to handle the normal duties of information technology, including cybersecurity.

However, an operating budget doesn’t include spending on the purchase of hardware and software. That’s in a company’s capital budget – which the survey didn’t ask about.

The survey did show that most respondent firms are spending on cybersecurity. Asked what type of defences against cyberattacks their company has currently implemented, 78 per cent said they have at least one of a list that included anti-virus, data backup, firewall, encryption, controlled use of foreign applications and training.

On the other hand, when asked if their business has implemented defences against a possible cyberattack, 48 per cent said no.

The online survey of 300 small businesses (defined as firms with between one and 499 employees) was done between July 28th and August 5th. Because it was done online there is no estimate of the margin of error.

The survey was released as part of the annual Cybersecurity Awareness Month.

Asked if it was a major oversight that respondents weren’t asked about their capital spending, Jordan Brennan, the bureau’s vice-president of policy, didn’t answer directly. Instead he said it was “surprising” that, given the rising number of cyberattacks, respondents in this year’s survey said they spend nothing on cybersecurity in their operating budget.

When it was pointed out organizations could be investing more on cybersecurity in capital spending than in past years, Brennan simply repeated that the survey shows many respondents say they dedicate nothing to cybersecurity in their operating budgets.

Among other findings

–21 per cent of respondents said their firm had suffered a cyber attack in the past;

–of those who were victimized, 58 per cent it cost them less than $100,000, while 41 per cent said it cost them at least that;

–66 per cent of respondents felt confident in their business’s ability to withstand a data breach or website shut down. That included 86 per cent of those with 100 to 499 employees. Those that currently have cyber insurance (83 per cent) were more optimistic than those who didn’t (60 per cent);

–overall 24 per cent of respondents said their firm is insured in some way against a cyber attack.

Brennan recommended that business owners follow these steps to help secure their data:

  • enforce multi-factor authentication on login and network access;
  • focus on email security: enable attachment scanning, use external sender banners and train staff (or develop protocols) on spotting and containing malicious phishing attempts; and
  • run regular data backups and make sure the accounts used to run backups have unique credentials

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now